CBS Boston posted the FBI's affadavit, and it's actually a story with a privacy lesson embedded in it. (I'm assuming here that people are also taking the other, more obvious lesson, which is that you shouldn't make bomb threats.)

Kim sent the threatening emails using a Tor browser, which anonymizes your web browsing, paired with an anonymous email program called Guerilla Mail. That actually could have been enough to protect his identity, except that he did all of this on Harvard's wireless internet.

If your school or your workplace offers you free wi-fi, it's worth remembering that you should severely limit your expectations of privacy while on it. That fact is somehow both very obvious and very easy to forget.

The affadavit makes it sound like in Kim's case, Tor half-worked. Harvard and the FBI likely couldn't see exactly what Kim was doing on Tor. But because he was on Harvard's network, they could tell he'd used the cloaking software at the same time the threatening emails were sent. If you assume there weren't a ton of Harvard kids using web anonymizing software between six and eight o'clock on a Monday morning, then identifying Kim would've been pretty easy.

And frankly, unless they have real evidence against him from his computer or a confession, simply saying he was on Tor around the time it was sent is suspicious but should not be evidence enough to charge him. In that respect, Tor still remains a useful tool for anonymizing traffic.

Though a 20 year old amateur Tor user is more likely than what I'm proposing so it'll all likely depend on how good of a lawyer he gets (as do most trials, I guess).